FireFly IP Packet-filtering firewall (617)
FireFly offers a rules-based dynamic packet-filtering firewall which also supports stateful inspection of packets. It is designed specifically for use in embedded devices. Its core engine permits or denies packets from passing through it based on pre-defined and easily configurable policies. FireFly is a member of the TeamF1 Internet Software Extensions for Classification and Traffic Shaping (INSECTS) suite.
- Fully configurable anti-spoofing IP packet filtering
- Extremely small footprint
- Low network latency
- Dynamic firewall support in conjunction with NAT
- Forwarding and logging hooks
- Built-in stateful inspection support for TCP, UDP and ICMP
- Easily controlled by a web server through a string-based CLI
- Includes rule numbering support and advanced "or" blocks in rules
- Support for rule "sets"
- Support for CPU types of either endianness, including PowerPC, MIPS, X86, ARM/XScale
- Royalty-free full source distribution for VxWorks and Linux!
- Source and destination IP addresses and MAC types
- Source and destination port numbers
- IP/TCP/UDP/ICMP Protocol based filtering
- TCP window and flags such as FIN, SYN, RST, PUSH, ACK and URG
- All ICMP types
- IP options such as strict source route, loose source route, record route, version, TTL, and time stamp
- Fragment flag, service type (TOS), IP ID and IP precedence in the IP header
- MAC address, MAC type
- SSLimSecure SSL: Secure Socket Layer & TLS
- ClassHopper: Alternate Queuing Disciplines
- SSHield SSH: Secure Shell & SFTP/SCP
- V-IPSecure IPSec & IKE: Network Layer Security
FireFly is a robust, lean, high-performance packet-filtering firewall implementation that secures access to and from networked embedded devices. Its core engine permits or denies packets from passing through it based on pre-defined and easily configurable policies. Its unique, advanced features include hooks for dynamic firewalling and stateful inspection. Its small footprint and robustness have been specifically designed for use in an embedded environment. FireFly's unprecedented flexibility and easy customization make it the firewall of choice in embedded networking applications.
Stateful inspection is an enhancement over static and dynamic inspection and provides the ability to track and control the flow of communication passing through the firewall filter. It keeps track of state and context information about a session, which simplifies rules, and it tries to interpret higher-level protocols such as NFS and RPC. FireFly provides stateful inspection for TCP/UDP/ICMP packets and further enables custom versions of circuit-level filtering and application-level filtering to be easily added with the hooks provided.
FireFly supports a customizable management interface that can be programmatically controlled or presented through a string-based command layer, which can be easily controlled through a web-server, with structured data files such as XML, or via a command line interface (CLI). Support for rule numbering provides ease of overriding at any level. Customizable hooks for logging and forwarding enable specific actions to be taken when accepting or rejecting packets.
Securing a connected embedded device requires security in different dimensions. FireFly system security features include keeping an embedded device protected from external access on specific ports. Used with TeamF1 security solutions such as SSL, SSH and IPsec, this perimeter or system security acts as a powerful complement to network security, which protects data in transit. For example, a combination of SSHield SSH tunneling and FireFly restricted external access enables sophisticated security policy settings by allowing only a single or few secure points of entrance through the network to the embedded device.
FireFly is available with optimized editions for both the latest, and older but still popular, versions of VxWorks and embedded Linux. Special attention to optimization includes support for the native network driver model, and enhanced memory management. It has been extensively validated on a variety of CPU architectures to minimize development and integration efforts. FireFly for VxWorks 5.x, 6.x, AE, and platforms such as the Network Equipment (PNE), Consumer Devices (PCD) and Industrial Devices (PID) bundles, includes optimized support for multi-tasking and memory partitions. FireFly for embedded Linux has been optimized for multi-processing and memory management on the 2.4 and 2.6 kernel variants. It transparently works with a wide selection of stacks, including those bundled with VxWorks, Linux, or NetF1, the high-performance stack by TeamF1. Like the other members of the INSECTS suite, it is built as a network service that binds itself with the MUX layer, thereby guaranteeing compatibility with any embedded application with minimal to no changes, and without any special network stack source code requirement.